In this so-far-informational Internet Draft, Brendan Moran, Milosch Meriac and Hannes Tschofenig note that the problem is worse “when devices have a long lifetime, are deployed in remote or inaccessible areas or where manual intervention is cost prohibitive or otherwise difficult”.

Updates have to use authentication to ensure malicious updates are an impossibility, and also protected against recovering the binary.

Other requirements are that updates are medium-agnostic, support broadcast delivery, are secure, can use a small bootloader, don't need a new firmware format, and have “robust permissions” (including authoring, storage, apply the update, approval, and qualification).

The document outlines how PKI should be used to manage those permissions, and update both the firmware's digital certificate and a target device's public key.

The work arises out of last year's Internet of Things Software Update Workshop (IoTSU), and is discussed at this mailing list. ®

*As always, while the authors have identified their employer, contributions to IETF standardisation work is offered as individuals.